Header graphic for print
Steptoe Cyberblog

RSA CEO Speaks Out on Privacy

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

In a speech earlier this week to RSA 2012 in Europe, Art Coviello challenged privacy laws as a threat to, well, privacy:

“Intelligence-based security also requires information sharing at scale,” said Coviello.

But these changes are held back by a number of things, including current privacy laws.

Coviello recounted a discussion he had with a CIO at a leading European manufacturer. Laws require him to protect personally identifiable information in his company’s possession or run the risk of stiff fines and penalties, which is fair enough, the CIO told Coviello.

“However, if he implements the very technologies needed to protect that information, including visibility of traffic on his own network, he can potentially and inadvertently break laws designed to protect workers’ privacy. So he can’t win, ridiculous but true,” said Coviello.

“Where is it written that cyber criminals can steal our identities but any industry action to protect us invites cries of Big Brother,” Coviello asked.

Privacy advocates were quick to attack Coviello. But his willingness to go public is significant. Until now, with rare exceptions, no mainstream businessman wanted to take the heat for condemning privacy excesses. But it looks as though the wall of silence is beginning to break.

RSA is no stranger to the privacy debate. Indeed, it built its business reputation in the 1990s by leading the fight against NSA’s Clipper chip and encryption controls, which RSA saw then as the main enemy of Internet security.

I was part of that fight, though on the other side, so I find RSA’s defection from the privacy camp deliciously symbolic.